Researchers link CCleaner hack to cyberespionage group

The recent attack that resulted in 2.2 million users installing infected versions of a popular Windows system optimization tool might have been the work of a sophisticated cyberespionage group with a history of software supply chain compromises.

Researchers from two security companies have established links between the malicious code surreptitiously added to the program’s installer and malware previously used by a prolific group of Chinese hackers that once broke into Google’s corporate infrastructure.

On Monday, it was revealed that the official and digitally signed installers for two versions of CCleaner—a utility for removing temporary files and invalid registry entries on Windows computers—contained a backdoor program capable of installing additional malware. These malware-laden programs were distributed between August 15 and September 12.